ce-clean-gone-branches
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using branch names retrieved from the local git environment. This presents a risk of command injection if a branch name contains shell metacharacters (e.g. `;`, `$()`, or backticks). Evidence: the instruction in Step 3 of SKILL.md uses the `$branch` variable directly in commands like `git worktree remove --force "$worktree_path"` and `git branch -D "$branch"`.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted local data (branch names) and uses it to drive agent actions without validation.
  - Ingestion points: Branch names are ingested from the output of `git branch -vv` via the `scripts/clean-gone` script, as specified in SKILL.md.
  - Boundary markers: Absent; branch names are displayed to the user and passed to tools without delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill has the capability to delete branches and remove worktrees via shell commands in SKILL.md.
  - Sanitization: Absent; neither the discovery script nor the workflow instructions perform escaping or validation on the branch names before they are used in commands.
Audit Metadata